Custom url 'this page include script from unauthenticated source' error

imp picture imp · Jun 23, 2014 · Viewed 8.1k times · Source

I am using windows 7 and python 2.7 I am using Custom url for launching an app. First I am opening a web page of BOX asking for user credentials for authentication. In the url, made redirect_uri = customuri://box_auth. So, BOX sends the success code to this redirect uri which launches app customuri.exe. But I am getting a shield icon Insecure content appearing in the address bar of my Google page

Hovering over the shield gives "This page includes script from unauthenticated sources."
On Inspect Element it shows,

https://app.box.com/api/oauth2/authorize?response_type=code&client_id=opun9…yt6q707s=authenticated&redirect_uri=curlargu://box_auth' was loaded over HTTPS, but ran insecure content from 'customuri://box_auth?state=authenticated&code=TZzZhJwlw4AbWcn5FgxvpBz5H': this content should also be loaded over HTTPS.

As custom url app should be launch with customuri://box_auth in chrome browser over https. So, how to handle this issue. Issue is with chrome only, firefox and IE working fine

customuri:// will launch an appplication as custom url. This application I had written in python language and then converted into an exe file. I had mapped customuri with the location of this exe file in registry

Answer

user3780548 picture user3780548 · Jun 26, 2014

The issue is non-secure scripts being run inside secure pages and is documented by Google here: https://support.google.com/chrome/answer/1342714?hl=en

As a user, you have the choice to click the shield icon in the browser bar and run the non-secure scripts or not. As a developer, you need to ensure your scripts inside secured pages are also from a secured source.